[Snort-sigs] Alarm Question

undercoffer undercoffer at ...518...
Fri Apr 19 18:05:33 EDT 2002

In addition to an alarm I would like to write the offending packet(s) from a
tcpdump file to a separate file.

Can I do this via the SNORT rules or do I need to make some programmatic
modification.  If it is a rule, can anyone offer me an example, if
programmatically can anyone offer me some advice?

Thanks in Advance.

More information about the Snort-sigs mailing list